Fix GH-18212: fseek with SEEK_CUR and negative offset crash on debug

Triggers the assertion as with SEEK_CUR the stream position is set to a
negative value so we force the failure without affecting its position
instead.

close GH-18224

NEWS

@@ -10,6 +10,8 @@ PHP                                                                        NEWS
   . Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()).
     (Jakub Zelenka)
   . Fixed bug GH-18209 (Use-after-free in extract() with EXTR_REFS). (ilutov)
+  . Fixed bug GH-18212 (fseek with SEEK_CUR whence value and negative offset
+    leads to negative stream position). (David Carlier)
 
 10 Apr 2025, PHP 8.3.20
 

ext/standard/tests/file/gh18212.phpt

@@ -0,0 +1,13 @@
+--TEST--
+GH-18212: fseek with SEEK_CUR and negative offset leads to negative file stream position.
+--FILE--
+<?php
+$fp = fopen('php://input', 'r+');
+var_dump(fseek($fp, -1, SEEK_SET));
+var_dump(fseek($fp, -32, SEEK_CUR));
+fclose($fp);
+?>
+--EXPECT--
+int(-1)
+int(-1)
+

ext/standard/tests/file/stream_rfc2397_007.phpt

@@ -118,7 +118,7 @@ int(2)
 bool(false)
 ===S:-10,C===
 int(-1)
-bool(false)
+int(2)
 bool(false)
 ===S:3,S===
 int(0)

main/streams/streams.c

@@ -1390,6 +1390,10 @@ PHPAPI int _php_stream_seek(php_stream *stream, zend_off_t offset, int whence)
 				}
  				whence = SEEK_SET;
 				break;
+			case SEEK_SET:
+				if (offset < 0) {
+					return -1;
+				}
 		}
 		ret = stream->ops->seek(stream, offset, whence, &stream->position);